Search for a path forward

As tens of thousands of people from all over the world convened this week in San Francisco for the RSA Conference to learn about the latest in cybersecurity innovation, the iPhone dispute between Apple and the FBI dominated the conversation.

SAN FRANCISCO — It was all anyone seemed to want to talk about. Whether inside the vast exhibit halls or at the after parties at this year's RSA Conference, just about everyone had something to say about the legal dispute between Apple and the FBI.

Shouting over a DJ's thumping music at the many lavish parties thrown by cybersecurity vendors hoping to land new customers at the world's biggest digital security expo, Washington officials and tech executives polled one another about whether the US government's case against Apple would reach the Supreme Court.

Over pickled eggs and veal tartare, they fiercely debated whether it would be technically possible for Apple to help investigators access data on just one iPhone – or if the order amounts to a government backdoor into many devices that could compromise millions of consumers’ security and privacy.

Apple's fight against US court order demanding it write new software to bypass strong security measures on the smartphone used by the San Bernardino shooter has ignited one of the most controversial, high-profile debates about digital security the country has seen in years.

So it’s no surprise it was the talk of the town here. "It’s been a huge focus," says Merritt Maxim, a senior analyst at Forrester Research. "The dialogue's been happening all week."

"It’s interesting to everyone, and not just in security," he continued, "My mother’s interested in it. It’s not just about the technical issues, but the underlying issues: What rights does the government have, what rights does the individual have, and where do you find that balance? This a high-profile event to have these discussions."

Ever since the so-called "cryptowars" in the 1990s over a government plan to install a backdoor into encryption, the RSA Conference has been a hotbed for debate about whether the US government should be able to build in access to secure consumer technology.

Passcode deputy editor Sara Sorcher interviewed Assistant Attorney General for National Security John Carlin, RSA President Amit Yoran, and former White House cybersecurity advisor Richard Clarke at the second annual Beat the Breach event in San Francisco on March 1.

"In this particular case, the stakes are high," said John Carlin, the Justice Department’s assistant attorney general for national security, at the Beat the Breach event. "It's the most serious terrorist attack since 9/11. The community is suffering and wants answers – and an important investigative step here would be to access the phone of what is actually a customer that wants help."

But Richard Clarke, a former White House counterterrorism adviser, shot back: "This isn’t something you want to search. You’re trying to force American citizens to do something – in this case write code – that they don’t want to write." Apple argues the order violates its First Amendment rights by compelling the company to write new code it believes is too dangerous for its consumers.

Mr. Clarke says he has "enormous sympathy for people who are fighting terrorists, and I understand that they want all the tools they can get."

But he also insisted that national security argument doesn’t hold water here. "We have already decided long ago that we’re not going to let counterterrorism people have everything they want …. Having secure encryption end-to-end has greater national value than this incremental addition to the FBI [capabilities]."

This is a case where the interests of law enforcement and intelligence agencies, said RSA President Amit Yoran, does not "align with those trying to defend our critical infrastructure, and our networks."

What’s more, Mr. Yoran openly worried, a win for the US government in this case could compromise users’ trust in all American technology. "We’re setting a very, very dangerous precedent where consumers’ trust in the products and technology they use, and security and privacy protection technologies they use, will at its core be in question."

Passcode deputy editor Sara Sorcher interviewed Assistant Attorney General for National Security John Carlin, RSA President Amit Yoran, and former White House cybersecurity adviser Richard Clarke about the dispute between Apple and the FBI at the second annual Beat the Breach event in San Francisco on March 1. Tony Avelar/The Christian Science Monitor.

What most everyone at the conference wants to know, Forrester’s Maxim says, "is regardless of where the court decision goes, what kind of precedent does that set?"

Some of the world’s biggest brains in the cryptography field asked those same questions this week.

At a time when criminal and terrorist hackers are growing more advanced, "the good of the country relies on people having strong security. The systems we have are so fragile," says cryptographer Ron Rivest, a Massachusetts Institute of Technology professor, "that trying to extra keys or extra ways in… is asking for all kinds of trouble."

Other big name keynote speakers from companies echoed this view. "Despite the best of intentions, one thing is clear: The path to hell starts at the backdoor. And we need to make sure that encryption technology remains strong," said Microsoft’s President Brad Smith, pledging to stand with Apple to thunderous applause.

Yet even those with such strong opinions on the issue acknowledged the public will have to decide the appropriate trade-offs between consumer security and privacy – and law enforcement’s pursuit of criminals and terrorists – in American society.

"We need to have a discussion where we figure out what’s right for the country, rather than what’s right for this agency or that company, said cryptographer Paul Kocher.

On that, at least, US officials seem to agree.

"Let’s all stop talking past each other," said National Security Agency chief Adm. Mike Rogers. While he didn’t mention the Apple brouhaha or encryption specifically, the subtext was clear.

"We have got to get to a dialogue. That dialogue shouldn’t be the government unilaterally deciding what we should do; the industry unilaterally deciding what they ought to do. We’ve got to team up together to decide what is in the realm of the possible," he said.

What’s more, Admiral Rogers, "our citizens need to be the ones who say: 'This is what we are comfortable with, and this is not.' "